search

TheFreeman193 / PIFS

A collection of build properties for the PIF module
MIT License
505 stars 28 forks source link

Checking new PIF only works with reboot! #13

Closed DocMAX closed 7 months ago

DocMAX commented 8 months ago

Checking new PIF only works with reboot, not just killing the process!

TheFreeman193 commented 8 months ago

Hi there, I can't reproduce this. Changing out my custom.pif.json file (I'm using the osm0sis fork) to one known to fail, killing DroidGuard (killall com.google.android.gms.unstable in a root shell), and re-running an integrity check results in BASIC_INTEGRITY.

Swapping the JSON to one that works, killing DroidGuard again, and running another check returns me to DEVICE_INTEGRITY. I've tested this just now to confirm.

Can you provide some more details on your environment and steps to reproduce?

cycloptux commented 8 months ago

I may be wrong, but this might be related to the fact that the script is only killing com.google.android.gms.unstable and not com.google.android.gms. I'm on LineageOS and the unstable process usually just returns not found if run manually.

TheFreeman193 commented 8 months ago

I may be wrong, but this might be related to the fact that the script is only killing com.google.android.gms.unstable and not com.google.android.gms. I'm on LineageOS and the unstable process usually just returns not found if run manually.

The DroidGuard VM (virtual machine) is what does all the data collection about the hardware/software environment, and runs the bytecode downloaded from Google on-the-fly. The VM process is named com.google.android.gms.unstable and this is what Play Integrity Fix injects code into. The only module code that Zygisk runs in GMS/Play Services (com.google.android.gms) is to set the FORCE_DENYLIST_UNMOUNT option before unloading.

Therefore, killing DroidGuard and restarting it (by running an integrity check) should be sufficient to reload the module code and thus whatever changes have been made to the JSON file. The VM doesn't usually stay running for long so the likes of killall won't find it unless you've just run a check.

In light of this, it may be that whatever method is used to try and stop the DroidGuard VM process isn't working. You can try running the following:

/data/adb/magisk/busybox ps -T | grep "gms\.unstable"

This should show any running threads in the DG VM. Likewise, you can try and use the killall from Magisk's busybox:

/data/adb/magisk/busybox killall com.google.android.gms.unstable